ProjectRationale » History » Version 4
Anonymous, 02/19/2016 10:49 PM
h1. Project Rationale

h2. Why?

Why on earth would somebody want (to write) an open source GSM stack for a GSM baseband chip?

There are many answers to this question. The first and obvious: Because we can. However,
looking deeper, there are many good reasons for an Open Source GSM baseband firmware:

h3. Security of an always-connected device in a public network

Every mobile device that is connected to a cellular network runs on some kind of baseband
processor with highly proprietary and closed-source firmware.

Any reasonably complex software has bugs, and a number of them will be security relevant
and might get exploited.

As we know from more than a decade of security nightmares on the Internet: Open Source
projects provide a much higher level of security, as more eyes review the code and
security-related bugs get fixed almost immediately. An update is released, and that
particular security issue is closed.

Most people understand that connecting an unprotected PC to a public network like
the Internet is dangerous. People use personal or dedicated firewalls, application
level gateways, virus scanners and other technology to protect their PC.

But what about the mobile phone, particularly the baseband processor? It is permanently
attached to a public network, in most cases there is no proper incident response management
and not even a clean way to quickly update that software to fix bugs, as device
manufacturers rarely release firmware updates, publish security advisories or anything of
that sort.

The security situation becomes even worse when looking at the software architecture in
those baseband chips. They often run the entire software stack in supervisor mode,
without any software protection. There are no non-executable pages, there's no
stack protection, etc. The UI and the protocol stack run in one shared address
space with no privilege separation.

The only companies that have access to the baseband firmware source code have no
interest in improving this situation. So the logical conclusion is to form an
Open Source project that can try to improve the situation.

h3. Education

Despite GSM being a public standard maintained by the ETSI, there are very few
people outside a small group of GSM baseband chip makers who really understand
the details of operation in a GSM mobile phone.

Existing books and other publications focus on "user" or "system administrator"
topics such as network deployment. Or they are scientific literature about
the signal processing involved in GSM and optimizations thereof. Other books
explain the layer 3 protocol very well, but only from a theoretical point of
view.

Designing and implementing the software that runs in the digital baseband of
a GSM mobile phone covers many areas that are currently not publicized much.

One such topic is the layer 1 stack operating synchronously with the TDMA frame
clock of the GSM network. Another important practical issue is what software
can do for power efficiency, as this directly translates to longer battery life.

Digital Baseband ASICs and their corresponding software are present in
billions of mobile phones, but the detailed knowledge of how they work is so
far restricted to a small elite of engineers working for the industry.

Compare that with the knowledge of the Internet protocols such as Ethernet, IP,
TCP, HTTP, SMTP and others. Virtually every IT professional around the world
understands them; the knowledge is widespread. One of the major reasons for
that is the existence of Free Software or Open Source software implementations.

h3. Research

Any practical research into GSM, especially GSM security, needs both theoretical
knowledge of the protocols and a well-documented/published/accessible
implementation, such as a Free Software / Open Source implementation.

It is quite conceivable that the cellular industry itself has no interest in any
research that could harm its market position. Therefore, it is doing as much
as it can to close and hide the operation of its DBB hardware and software from
the general public.

Based on knowledge of the GSM protocols and the general availability of an
Open Source implementation that this project is working on, a great many more people
are enabled to perform research on GSM protocols.

Such research no longer requires a close alignment with the cellular industry
to get access to key technology - which in turn results in freedom and independence
regarding the topics of research and the publication of any results thereof.